CVE-2024-50523
📋 TL;DR
This vulnerability lets an attacker upload arbitrary files, including PHP web shells, to a WordPress server running the All Post Contact Form plugin. A web shell gives the attacker remote code execution and, from there, full server compromise. All WordPress sites running version 1.7.3 or earlier of the plugin are affected.
💻 Affected Systems
- WordPress All Post Contact Form plugin, versions 1.7.3 and earlier (fixed in 1.7.4)
📦 What is this software?
All Post Contact Form by Rainbow Link
⚠️ Risk & Real-World Impact
Worst Case
Complete server takeover: the attacker gains administrative access, installs persistent backdoors, steals sensitive data, and uses the server as a foothold for further attacks.
Likely Case
Web shell installation leading to data theft, defacement, or cryptocurrency mining malware deployment.
If Mitigated
File upload attempts blocked at web application firewall level with no successful exploitation.
🎯 Exploit Status
Exploitation requires no authentication and can be automated with simple scripts.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.7.4 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins.
3. Find 'All Post Contact Form'.
4. Click 'Update Now' if available.
5. If no update appears, manually download version 1.7.4 or later from the WordPress plugin repository and replace the plugin files.
🔧 Temporary Workarounds
Disable plugin
Temporarily disable the vulnerable plugin until patching is possible
wp plugin deactivate allpost-contactform
Web Application Firewall rule
Block file uploads to the contact form endpoint
Add a WAF rule that blocks multipart/form-data POST requests (file uploads) to anything under /wp-content/plugins/allpost-contactform/. This also blocks any legitimate attachments the form accepts, so treat it as a stopgap until 1.7.4 is installed.
🧯 If You Can't Patch
- Remove the plugin entirely and use alternative contact form solutions
- Implement strict file upload restrictions at server level (e.g., .htaccess rules blocking PHP execution in upload directories; this stops an uploaded shell from running even though the upload itself still succeeds)
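The .htaccess hardening from the last item, written out as an added example (not from the advisory or the plugin vendor). It writes a rule into each upload directory that makes Apache refuse to serve PHP-family files from there, so a shell that does get uploaded cannot be executed. Assumptions: Apache 2.4 with AllowOverride permitting FilesMatch in .htaccess, WordPress uploads under wp-content/uploads, and WP_ROOT pointing at the WordPress install; the plugin's own upload location is not named on this page, so add it to TARGET_DIRS if it differs. nginx ignores .htaccess entirely, so the equivalent rule has to go into a location block there.

```shell
#!/bin/sh
# Added example (not from the advisory or the plugin vendor): write an Apache
# .htaccess that refuses to serve PHP scripts from directories that should only
# hold uploaded data, so a web shell dropped there cannot be executed.
# Assumptions: Apache 2.4 with AllowOverride allowing <FilesMatch> in .htaccess;
# WordPress uploads live in wp-content/uploads. The plugin's own upload location
# is not named on this page: add it to TARGET_DIRS yourself if it differs.

WP_ROOT="${WP_ROOT:-/var/www/html}"
TARGET_DIRS="wp-content/uploads"

# htaccess_rules -> the policy text. Match the extensions PHP handlers are
# commonly mapped to, not just .php, so renaming a shell to .phtml does not
# bypass the rule.
htaccess_rules() {
    cat <<'EOF'
# Deny serving of PHP-family scripts in an upload-only directory.
<FilesMatch "\.(php|php[0-9]|phtml|phar|phps)$">
    Require all denied
</FilesMatch>
# Additionally switch the PHP engine off where mod_php is in use
# (module name is mod_php.c for PHP 8; PHP 7 used mod_php7.c).
<IfModule mod_php.c>
    php_flag engine off
</IfModule>
EOF
}

# install_htaccess DIR -> writes the rules into DIR/.htaccess, keeping any
# existing file as .htaccess.bak; prints the path written.
install_htaccess() {
    dir="$1"
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    [ -f "$dir/.htaccess" ] && cp "$dir/.htaccess" "$dir/.htaccess.bak"
    htaccess_rules > "$dir/.htaccess"
    echo "$dir/.htaccess"
}

# verify_htaccess DIR -> exit 0 if DIR/.htaccess carries the deny rule.
verify_htaccess() {
    grep -q 'Require all denied' "$1/.htaccess" 2>/dev/null
}

# Run the install only when invoked directly with "install".
if [ "${1:-}" = "install" ]; then
    for d in $TARGET_DIRS; do
        install_htaccess "$WP_ROOT/$d"
    done
fi
```

Run `WP_ROOT=/path/to/wordpress sh harden-uploads.sh install` and then request a known PHP file under the uploads path: a 403 confirms the rule is active, a 200 means AllowOverride is not permitting it and the directives belong in the vhost configuration instead.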
🔍 How to Verify
Check if Vulnerable:
In the WordPress admin panel, open Plugins and read the version shown for All Post Contact Form; anything at or below 1.7.3 is vulnerable.
Check Version:
wp plugin get allpost-contactform --field=version
Verify Fix Applied:
Confirm plugin version is 1.7.4 or higher in WordPress admin
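A scripted version of the check, added here as an example rather than something from the advisory or the plugin vendor. It compares the installed version against 1.7.4 component by component (so 1.7.10 does not sort before 1.7.4 the way a plain string comparison would) and uses the wp-cli command above to read the live version. It assumes wp-cli is on PATH and the script is run from the WordPress root; the slug allpost-contactform is the one used elsewhere on this page.

```shell
#!/bin/sh
# Added example (not from the advisory or the plugin vendor): decide whether an
# installed All Post Contact Form version is below the fixed release, 1.7.4.
# Assumes wp-cli is installed and the script runs from the WordPress root; the
# plugin slug "allpost-contactform" is the one used elsewhere on this page.

FIXED_VERSION="1.7.4"
PLUGIN_SLUG="allpost-contactform"

# version_lt A B -> exit 0 if A < B, comparing dotted numeric components.
# A missing component counts as 0 and a suffix such as "-beta" is ignored.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ax="${a%%.*}"; bx="${b%%.*}"
        # drop the leading component; empty when nothing is left
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
        # keep only the leading digits, default to 0
        ax="${ax%%[!0-9]*}"; bx="${bx%%[!0-9]*}"
        ax="${ax:-0}"; bx="${bx:-0}"
        [ "$ax" -lt "$bx" ] && return 0
        [ "$ax" -gt "$bx" ] && return 1
    done
    return 1
}

# is_vulnerable VERSION -> prints "vulnerable" or "patched"; the status word
# is what a monitoring job would record.
is_vulnerable() {
    if version_lt "$1" "$FIXED_VERSION"; then
        echo "vulnerable"
    else
        echo "patched"
    fi
}

# check_installed -> reads the live version with wp-cli and reports it.
# Exit 2 if wp-cli or the plugin is missing, 1 if vulnerable, 0 if patched.
check_installed() {
    if ! command -v wp >/dev/null 2>&1; then
        echo "wp-cli not found; read the version from Plugins in wp-admin" >&2
        return 2
    fi
    v="$(wp plugin get "$PLUGIN_SLUG" --field=version 2>/dev/null)" || {
        echo "$PLUGIN_SLUG is not installed" >&2
        return 2
    }
    status="$(is_vulnerable "$v")"
    echo "$PLUGIN_SLUG $v: $status (fixed in $FIXED_VERSION)"
    [ "$status" = "patched" ]
}

# Run the live check only when invoked directly with "check".
if [ "${1:-}" = "check" ]; then
    check_installed
fi
```

Run `sh check-allpost.sh check` from the WordPress root; the exit code makes it usable from a fleet-wide loop or a cron job that alerts on non-zero.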
📡 Detection & Monitoring
Log Indicators:
- POST requests to /wp-content/plugins/allpost-contactform/upload.php with file uploads
- Unexpected PHP file creation in upload directories
- Web server error logs showing file type validation failures
Network Indicators:
- Unusual outbound connections from web server to unknown IPs
- Increased traffic to upload endpoints
SIEM Query:
source="web_server.log" AND (uri_path="/wp-content/plugins/allpost-contactform/upload.php" OR file_extension=".php") AND http_method="POST"
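Log triage for the indicators above, as an added example (not from the advisory). The sample log lines are constructed, with addresses from documentation ranges; the plugin path and upload.php are the ones this page names. It goes slightly beyond the SIEM query above: it flags any request, not only a POST, for a .php file under wp-content/uploads, because an uploaded shell is driven with GET as often as with POST.

```shell
#!/bin/sh
# Added example (not from the advisory): triage Apache/nginx combined-format
# access logs for the indicators listed on this page. The sample lines below
# are constructed, with IPs from documentation ranges; the plugin path and
# upload.php are the ones the page names.

PLUGIN_PATH="/wp-content/plugins/allpost-contactform/"

# sample_log -> a few constructed combined-format lines
sample_log() {
    cat <<'EOF'
203.0.113.5 - - [10/Nov/2024:12:00:01 +0000] "POST /wp-content/plugins/allpost-contactform/upload.php HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.5 - - [10/Nov/2024:12:00:03 +0000] "GET /wp-content/uploads/2024/11/shell.php?cmd=id HTTP/1.1" 200 128 "-" "python-requests/2.31"
198.51.100.7 - - [10/Nov/2024:12:01:00 +0000] "GET /wp-content/plugins/allpost-contactform/css/style.css HTTP/1.1" 200 2048 "https://example.com/contact" "Mozilla/5.0"
198.51.100.7 - - [10/Nov/2024:12:01:05 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 64 "https://example.com/contact" "Mozilla/5.0"
203.0.113.5 - - [10/Nov/2024:12:02:10 +0000] "POST /wp-content/uploads/2024/11/shell.php HTTP/1.1" 200 96 "-" "curl/8.4.0"
EOF
}

# flag_requests < LOG -> prints "REASON ip method path" per suspicious line:
#   upload-endpoint : any POST under the plugin directory
#   php-in-uploads  : any request for a PHP-family file under wp-content/uploads,
#                     regardless of method
flag_requests() {
    awk -v plugin="$PLUGIN_PATH" '
    {
        ip = $1
        method = substr($6, 2)      # strip the opening quote of "POST
        path = $7
        sub(/\?.*/, "", path)       # drop the query string before matching
        if (method == "POST" && index(path, plugin) == 1)
            print "upload-endpoint", ip, method, path
        else if (path ~ /^\/wp-content\/uploads\/.*\.(php|phtml|phar)$/)
            print "php-in-uploads", ip, method, path
    }'
}

# count_flags < LOG -> number of flagged lines
count_flags() {
    flag_requests | wc -l | tr -d ' '
}

# top_sources < LOG -> flagged source IPs with counts, busiest first
top_sources() {
    flag_requests | awk '{ c[$2]++ } END { for (i in c) print c[i], i }' | sort -rn
}

# Show the triage on the constructed sample when invoked with "demo";
# otherwise pipe a real log in: sh triage.sh < /var/log/apache2/access.log
if [ "${1:-}" = "demo" ]; then
    sample_log | flag_requests
    echo "--- by source ---"
    sample_log | top_sources
else
    flag_requests
fi
```

A POST to the upload endpoint followed within minutes by a request for a new .php file under wp-content/uploads from the same address, as in the sample, is the sequence to escalate on; a single POST on its own may be a legitimate form submission.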